Abstract
Current cache Side-Channel Attacks (SCAs) countermeasures have not been designed for many-core architectures and need to be revisited in order to be practical for these new technologies. Spatial isolation of resources for sensitive applications has been proposed taking advantage of the large number of resources offered by these architectures. This solution avoids cache sharing with sensitive processes. Consequently, their cache activity cannot be monitored and cache SCAs cannot be performed. This work focuses on the implementation of this technique in order to minimize the induced performance overhead. Different strategies for the management of isolated secure zones are implemented and compared.
- Ghassan Almaless. 2014. Operating System Design and Implementation for Single-Chip cc-NUMA Many-Core. Ph.D. Dissertation. Université Pierre Marie Currie (PMC), France.Google Scholar
- axTLS embedded SSL. 2016. Retrieved from http://axtls.sourceforge.net/.Google Scholar
- AES implementation in ∼300 lines of code ∣ C Code Blog. 2017. Retrieved from https://ccodeblog.wordpress.com/2012/05/25/aes-implementation-in-300-lines-of-code/.Google Scholar
- Gilles Barthe, Gustavo Betarte, Juan D. Campo, Carlos Luna, and David Pichardie. 2014. System-level non-interference for constant-time cryptography. In Proc. of the Conference on Computer and Communications Security. ACM, 1267--1279. Google Scholar
Digital Library
- Daniel J. Bernstein. 2005. Cache-Timing Attacks on AES. Technical Report. Retrieved from https://cr.yp.to/antiforgery/cachetiming-20050414.pdf.Google Scholar
- Johannes Blömer and Volker Krummel. 2007. Analysis of countermeasures against access driven cache attacks on AES. Selected Areas in Cryptography 4876 (2007), 96--109. Google Scholar
Digital Library
- Joseph Bonneau and Ilya Mironov. 2006. Cache-collision timing attacks against AES. In Proc. of the International Workshop on Cryptographic Hardware and Embedded Systems (CHES). Springer, 201--215. Google Scholar
Digital Library
- Paolo Burgio, Marko Bertogna, Ignacio Sanudo Olmedo, Paolo Gai, Andrea Marongiu, and Michal Sojka. 2016. A software stack for next-generation automotive systems on many-core heterogeneous platforms. In Proc. of the Euromicro Conference on Digital System Design (DSD). IEEE.Google Scholar
Cross Ref
- Juan Campo. 2016. Formally Verified Countermeasures Against Cache Based Attacks in Virtualization Platforms. Ph.D. Dissertation. Montevideo: UR.FI.INCO.Google Scholar
- Stephen Crane, Andrei Homescu, Stephan Brunthaler, Per Larsen, and Michael Franz. 2015. Thwarting cache side-channel attacks through dynamic software diversity. In Proc. of the Annual Network and Distributed System Security Symposium, (NDSS). IEEE, 142--151.Google Scholar
Cross Ref
- Joan Daemen and Vincent Rijmen. 2002. The Design of Rijndael: AES-The Advanced Encryption Standard (1st ed.). Springer-Verlag, Berlin. Google Scholar
Digital Library
- Dmitry Evtyushkin, Jesse Elwell, Meltem Ozsoy, Dmitry Ponomarev, Nael Abu-Ghazaleh, and Ryan Riley. 2016. Flexible hardware-managed isolated execution: Architecture, software support and applications. IEEE Transactions on Dependable and Secure Computing (TDSC) PP (2016), 1.Google Scholar
- César Fuguet Tolero. 2016. Introduction of Fault-Tolerance Mechanisms for Permanent Failures in Coherent Shared-Memory Many-Core Architectures. Ph.D. Dissertation. Université Pierre Marie Currie (PMC), France.Google Scholar
- Quian Ge, Yuval Yarom, David Cock, and Gernot Heiser. 2016. A survey of microarchitectural timing attacks and countermeasures on contemporary hardware. Journal of Cryptographic Engineering (Cryptogr Eng) 1--27 (2016), 1.Google Scholar
- Daniel Gruss, Clémentine Maurice, Klaus Wagner, and Stefan Mangard. 2016. FLUSH+FLUSH: A fast and stealthy cache attack. In Proc. of the Conference on Detection of Intrusions and Malware 8 Vulnerability Assesment (DIMVA). Springer. Google Scholar
Digital Library
- Roberto Guanciale, Hamed Nemati, Christoph. Baumann, and Mads Dam. 2016. Cache storage channels: Alias-driven attacks and verified countermeasures. In Proc. of the Symposium on Security and Privacy (SP). IEEE.Google Scholar
Cross Ref
- David Gullasch, Endre Bangerter, and Stephan Krenn. 2011. Cache games-bringing access-based cache attacks on AES to practice. In Proc. of the Symposium on Security and Privacy (SP). IEEE, 490--595. Google Scholar
Digital Library
- Gorka Irazoqui, Thomas Eisenbarth, and Berk Sunar. 2015. S$A: A shared cache attack that works across cores and defies VM sandboxing and its application to AES. In Proc. of the Symposium on Security and Privacy (SP). IEEE. Google Scholar
Digital Library
- Gorka Irazoqui, Thomas Eisenbarth, and Berk Sunar. 2016. Cross processor cache attacks. In Proc. of the 11th Asia Conference on Computer and Communications Security (ASIA CCS). ACM, 353--364. Google Scholar
Digital Library
- Kalray’s. 2016. MPPA. Retrieved from http://www.kalrayinc.com/kalray/products/.Google Scholar
- Mehmet Kayaalp, Nael Abu-Ghazaleh, Dmitry Ponomarev, and Aamer Jaleel. 2016. A high-resolution side-channel attack on last-level cache. In Proc. of the 53rd Annual Design Automation Conference (DAC). ACM, 72. Google Scholar
Digital Library
- Taesoo Kim, Marcus Peinado, and Gloria Mainar-Ruiz. 2012. STEALTHMEM: System-level protection against cache-based side channel attacks in the cloud. In Proc. of the 21st Security Symposium, USENIX (Ed.). Google Scholar
Digital Library
- Fangfei Liu, Yuval Yarom, Quian Ge, Gernot Heiser, and Ruby B. Lee. 2015. Last-level cache side-channel attacks are practical. In Proc. of the Symposium on Security and Privacy (SP). IEEE, 605--622. Google Scholar
Digital Library
- Maria Méndez Real, Philipp Wehner, Vincent Migliore, Vianney Lapotre, Diana Goehringer, and Guy Gogniat. 2016a. Dynamic spatially isolated secure zones for noc-based many-core accelerators. In Proc. of the International Symposium on Reconfigurable Communication-centric Systems-on-Chip (ReCoSoC), IEEE (Ed.).Google Scholar
Cross Ref
- Maria Méndez Real, Philipp Wehner, Jens Rettkowski, Vincent Migliore, Vianney Lapotre, Diana Goehringer, and Guy Gogniat. 2016b. MPSoCSim extension: An OVP simulator for the evaluation of cluster-based multicore and many-core architectures. In Proc. of the International Conference on Embedded Computer Systems: Architectures, Modeling, and Simulation (SAMOS). IEEE.Google Scholar
Cross Ref
- Dag A. Osvik, Adi Shamir, and Eran Tromer. 2006. Cache attacks and countermeasures: The case of AES. In Proc. of the RSA Conference Cryptographers Track (CT-RSA). Google Scholar
Digital Library
- OVP. 2017. Open Virtual Platforms. Retrieved from https://www.ovpworld.org/.Google Scholar
- Dan Page. 2005. Partitioned Cache Architecture as a Side-Channel Defense Mechanism. Cryptology ePrint Archive, Report 280.Google Scholar
- Colin Percival. 2005. Cache missing for fun and profit. In BSDCan 2005.Google Scholar
- Himanshu Raj, Ripal Nathuji, Abhishek Singh, and Paul England. 2009. Resource management for isolation enhanced cloud services. In Proc. of the 2009 ACM Workshop on Cloud Computing Security (CCSW). ACM, 77--84. Google Scholar
Digital Library
- Cezar Reinbrecht, Altamiro Susin, Lilian Bossuet, and Johana Sepulveda. 2016a. Gossip noc -- avoiding timing side-channel attacks through traffic management. In Proc. of the Computer Society Annual Symposium on VLSI (ISVLSI). IEEE.Google Scholar
Cross Ref
- Cezar Reinbrecht, Altamiro Susin, Lilian Bossuet, Georg Sigl, and Johanna Sepulveda. 2016b. Side channel attack on NoC-based MPSoCs are practical: NoC prime+probe attack. In Proc. of the 29th Symposium on Integrated Circuits and Systems Design (SBCCI). IEEE. Google Scholar
Digital Library
- Martha J. Sepulveda, Jean-Philippe Diguet, Marius Strum, and Guy Gogniat. 2015. NoC-based protection for SoC time-driven attacks. IEEE Embedded Systems Letters 7, 1 (2015), 7--10.Google Scholar
Cross Ref
- Jicheng Shi, Xiang Song, Haibo Chen, and Binyu Zang. 2011. Limiting cache-based side-channel in multi-tenant cloud using dynamic page coloring. In Proc. of the 41st International Conference on Dependable Systems and Networks Workshops (DSN-W). IEEE, 194--199. Google Scholar
Digital Library
- OVP 8 SystemC. 2017. Open Virtual Platforms Imperas Software Limited. Retrieved from http://www.ovpworld.org/technology_systemc.Google Scholar
- Nist AES test vectors. 2001. Recommendation for block cipher modes of operation: methods and techniques-nistspecial-publication800-38.a.pdf. Retrieved from http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38a.pdf.Google Scholar
- TILE-Gx36. 2017. Mellanox Products: TILE-Gx36 Processor. Retrieved from http://www.mellanox.com/page/products_dyn?product_family=2378mtag=tile_gx36.Google Scholar
- TILE-Gx72. 2017. Mellanox Technologies -End-to-End Connectivity for HPC and Data Center Server and Storage. Retrieved from http://www.mellanox.com/page/products_dyn?product_family=2388mtag=tile_gx72.Google Scholar
- Eran Tromer and Dag A. Osvik. 2010. Analysis of countermeasures against access driven cache attacks on AES. Journal of Cryptology 23, 1 (2010), 37--71.Google Scholar
Digital Library
- Pham Trung-Dung, Nguyen Van-Tien, and Nguyen Truong-Son. 2016. Development of a many-core architecture for automotive embedded systems. Journal of Automation and Control Engineering 4, 2 (2016), 147--152.Google Scholar
Cross Ref
- TSAR. 2014. Retrieved from https://www-soc.lip6.fr/trac/tsar.Google Scholar
- TSUNAMY. 2016. The TSUNAMY project. Retrieved from https://www.tsunamy.fr.Google Scholar
- Yao Wang and Suh G. Edward. 2014. Cache games-bringing access-based cache attacks on AES to practice. In Proc. of the 6th International Symposium on Networks on Chip (NoCS). IEEE/ACM.Google Scholar
- Zhenghong Wang and Ruby B. Lee. 2007. New cache designs for thwarting software cache-based side channel attacks. In Proc. of the Symposium on Computer Architecture (ISCA). IEEE, 494--505. Google Scholar
Digital Library
- Philipp Wehner, Jens Rettowski, and Diana Goehringer. 2015. MPSoCSim: An extended OVP simulator for modeling and evaluation of network-on-chip based heterogeneous MPSoCs. In Proc. of the International Conference on Embedded Computer Systems: Architectures, Modeling, and Simulation (SAMOS). IEEE.Google Scholar
Cross Ref
- Yuval Yarom and Katrina Falkner. 2014. FLUSH+RELOAD: A high resolution, low noise, L3 cache side-channel attack. In Proc. of the Security Symposium, USENIX (Ed.). 719--732. Google Scholar
Digital Library
Index Terms
Application Deployment Strategies for Spatial Isolation on Many-Core Accelerators
Recommendations
Optimizing Cache Locality for Irregular Data Accesses on Many-Core Intel Xeon Phi Accelerator Chip
HPCC '14: Proceedings of the 2014 IEEE Intl Conf on High Performance Computing and Communications, 2014 IEEE 6th Intl Symp on Cyberspace Safety and Security, 2014 IEEE 11th Intl Conf on Embedded Software and Syst (HPCC,CSS,ICESS)Many-core accelerator chips are becoming increasingly popular these days for its high performance floating-point performance exceeding 1 Tflops per chip. Aho-Corasick (AC) is a multiple patterns string matching algorithm commonly used in computer and ...
High Performance Parallelization of Boyer-Moore Algorithm on Many-Core Accelerators
ICCAC '14: Proceedings of the 2014 International Conference on Cloud and Autonomic ComputingBoyer-Moore (BM) algorithm is a single pattern string matching algorithm. It is considered as the most efficient string matching algorithm and used in many applications. The algorithm first calculates two string shift rules based on the given pattern ...
Adaptive Cache Bypass and Insertion for Many-core Accelerators
MES '14: Proceedings of International Workshop on Manycore Embedded SystemsMany-core accelerators, e.g. GPUs, are widely used for accelerating general-purpose compute kernels. With the SIMT execution model, GPUs can hide memory latency through massive multithreading for many regular applications. To support more applications ...






Comments